Security News
Want to know what's in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features - or backdoors. "At Microsoft, our software engineers use open source software to provide our customers high-quality software and services. Recognizing the inherent risks in trusting open source software, we created a source code analyzer called Microsoft Application Inspector to identify 'interesting' features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on," Guy Acosta and Michael Scovetta, security program managers at Customer Security and Trust, Microsoft, said in explaining the Inspector's genesis.
SpecFlow will remain a free, open source offering for the software development and testing communities. The acquisition of SpecFlow adds best-in-class support for BDD and.
Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project, and can be integrated into CI/CD pipelines to block cloud infrastructure deployments that would violate security and compliance best practices.
BNP Paribas' Patrick Pitchappa on Application Security
Because open source components have known vulnerabilities, it's important for companies to invest in the right tools to help developers build...
Six years into running the Patch Rewards Program to help improve the security of open source projects, Google has decided to provide upfront financial support for such initiatives.
Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers...
Dynatrace’s open source control plane simplifies IT’s journey to NoOps for cloud native environments
Dynatrace announced Keptn, an open source pluggable control plane to advance the industry movement toward autonomous clouds. Keptn provides the automation and orchestration of the processes and...
'Tis the season for open source gifts. But what to buy? Jack Wallen has a few ideas that are sure to put a smile on the faces of the open source lovers in your life.
Google on Monday announced that it has released the source code of a tool designed to help developers identify vulnerabilities related to file access.
Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains. Called Mussels, the cross-platform, general-purpose...